Spring Security: session expiration without redirect to expired-url?
Posted
by Kdeveloper
on Stack Overflow
See other posts from Stack Overflow
or by Kdeveloper
Published on 2010-04-22T18:04:52Z
Indexed on
2010/04/22
18:13 UTC
Read the original article
Hit count: 1022
I'm using Spring Security 3.0.2 form based authentication. But I can't figure out how I can configure it so that when a session expires that the request is not redirect to an other page (expired-url) or displays a 'session expires' message.
I don't want any redirect or messages, I want that a anonymous session is started just like when a user without a session enters the website.
My current configuration:
<http>
<intercept-url pattern="/login.action*" filters="none"/>
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<form-login login-page="/login.action"
authentication-failure-url="/login.action?error=failed"
login-processing-url="/login-handler.action"/>
<logout logout-url="/logoff-execute.action"
logout-success-url="/logoff.action?done=1"/>
<remember-me key="remember-me-security" services-ref="rememberMeServices"/>
<session-management >
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false"
expired-url="/login.action?error=expired.url"/>
</session-management>
</http>
© Stack Overflow or respective owner